On Wednesday 29 June 2011 23:19:11 Lukas Fleischer wrote: > Again, printing "$_REQUEST['ID']" without escaping introduces a XSS > vulnerability. Do we actually need this field at all? Currently in AUR if you try to change the language in a package info page, you get directed to the list of packages.